Security News

Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. In new email notifications sent to PetSmart customers first seen by DarkWebInformer, the company warns that customers are being targeted by credential stuffing attacks used to gain access to their accounts.

Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. They then hack X accounts, create YouTube videos, or take out Google and X advertisements to promote the sites and steal visitor's cryptocurrency.

The National Intelligence Service in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. In the cases observed by the NIS, the North Korean adversaries used "Living off the land" tactics, which entails abusing legitimate software tools for malicious purposes to evade detection by security products.

The U.S. Department of Justice has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. The U.S. DoJ announcement says Nasab's job with Mahak Rayan Afraz was merely a front for the hacker's malicious operations.

A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. One of those involved in these calls told BleepingComputer that the attack was linked to the BlackCat ransomware gang by forensic experts involved in the incident response.

US healthcare giant UnitedHealth Group announced that its subsidiary Optum suffered a cyberattack by "Nation-state" hackers on the Change Healthcare platform, forcing the company to shut down IT systems and various services.Its subsidiary, Optum Solutions, operates the Change Healthcare platform, which is the largest payment exchange platform between doctors, pharmacies, healthcare providers, and patients in the US healthcare system.

Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.While Bank of America has yet to disclose how many customers were impacted by the data breach, Infosys McCamish Systems, the vendor that had its systems compromised, revealed in a recent filing with the Attorney General of Maine that 57,028 had their data exposed in the incident.

Choosing the right partner when outsourcing cybersecurityIn this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. Key strategies for ISO 27001 compliance adoptionIn this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard.

The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. One month later, DraftKings said it had refunded hundreds of thousands of dollars stolen from 67,995 customers whose accounts were hijacked in the incident.

New York Attorney General Letitia James sued Citibank over its failure to defend customers against hacks and scams and refusing to reimburse victims after allowing fraudsters to steal millions from their accounts. The complaint claims that because it's providing online and mobile banking options for wire transfers, Citibank should also compensate fraud victims, akin to the protections afforded to victims of electronic credit or debit card fraud under the same legislation.